Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-29780
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
Nginx Njs 0.7.2
5.5
CVSSv3
CVE-2022-30503
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
Nginx Njs 0.7.2
5.9
CVSSv3
CVE-2020-8553
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyph...
Kubernetes Ingress-nginx
5.5
CVSSv3
CVE-2021-23021
The Nginx Controller 3.x prior to 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
F5 Nginx Controller
NA
CVE-2014-0088
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 prior to 1.5.11, when running on a 32-bit platform, allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx 1.5.10
8.8
CVSSv3
CVE-2023-23596
jc21 NGINX Proxy Manager up to and including 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, ...
Jc21 Nginx Proxy Manager
5.5
CVSSv3
CVE-2019-15517
jc21 Nginx Proxy Manager prior to 2.0.13 allows %2e%2e%2f directory traversal.
Jc21 Nginx Proxy Manager
5.3
CVSSv3
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Kubernetes Nginx Ingress Controller
6.5
CVSSv3
CVE-2022-35241
In versions 2.x prior to 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Instance Manager
9.8
CVSSv3
CVE-2020-7621
strong-nginx-controller up to and including 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function.
Ibm Strongloop Nginx Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »